From f934b2f84c6e1f565e363221f6078643d92bae71 Mon Sep 17 00:00:00 2001
From: Michal
Date: Mon, 9 Mar 2026 03:24:51 +0000
Subject: [PATCH] ci: run docker job in privileged container with socket mount
No build tool works in the default unprivileged runner container (no Docker socket, no procfs, no FUSE). Run the docker job privileged with the host Docker socket mounted, then use standard docker build/push.
Co-Authored-By: Claude Opus 4.6
---
 .gitea/workflows/ci.yml | 41 +++++++++++++++++++----------------------
 1 file changed, 19 insertions(+), 22 deletions(-)
diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index f8489bd..dfb8f0e 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -142,46 +142,43 @@ jobs:
 runs-on: ubuntu-latest
 needs: [build]
 if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+ container:
+ options: --privileged -v /var/run/docker.sock:/var/run/docker.sock
 env:
 REGISTRY: ${{ env.GITEA_REGISTRY }}
 OWNER: ${{ env.GITEA_OWNER }}
 steps:
 - uses: actions/checkout@v4
- - name: Install buildah
- run: sudo apt-get update && sudo apt-get install -y buildah
+ - name: Login to Gitea container registry
+ run: |
+ echo "${{ secrets.PACKAGES_TOKEN }}" | docker login \
+ --username ${{ env.OWNER }} --password-stdin \
+ ${{ env.REGISTRY }}
 - name: Build & push mcpd
 run: |
- buildah --storage-driver vfs --isolation chroot bud -t mcpd:latest -f deploy/Dockerfile.mcpd .
- buildah --storage-driver vfs push --tls-verify=false \
- --creds "${{ env.OWNER }}:${{ secrets.PACKAGES_TOKEN }}" \
- mcpd:latest \
- docker://${{ env.REGISTRY }}/${{ env.OWNER }}/mcpd:latest
+ docker build -t ${{ env.REGISTRY }}/${{ env.OWNER }}/mcpd:latest \
+ -f deploy/Dockerfile.mcpd .
+ docker push ${{ env.REGISTRY }}/${{ env.OWNER }}/mcpd:latest
 - name: Build & push node-runner
 run: |
- buildah --storage-driver vfs --isolation chroot bud -t node-runner:latest -f deploy/Dockerfile.node-runner .
- buildah --storage-driver vfs push --tls-verify=false \
- --creds "${{ env.OWNER }}:${{ secrets.PACKAGES_TOKEN }}" \
- node-runner:latest \
- docker://${{ env.REGISTRY }}/${{ env.OWNER }}/mcpctl-node-runner:latest
+ docker build -t ${{ env.REGISTRY }}/${{ env.OWNER }}/mcpctl-node-runner:latest \
+ -f deploy/Dockerfile.node-runner .
+ docker push ${{ env.REGISTRY }}/${{ env.OWNER }}/mcpctl-node-runner:latest
 - name: Build & push python-runner
 run: |
- buildah --storage-driver vfs --isolation chroot bud -t python-runner:latest -f deploy/Dockerfile.python-runner .
- buildah --storage-driver vfs push --tls-verify=false \
- --creds "${{ env.OWNER }}:${{ secrets.PACKAGES_TOKEN }}" \
- python-runner:latest \
- docker://${{ env.REGISTRY }}/${{ env.OWNER }}/mcpctl-python-runner:latest
+ docker build -t ${{ env.REGISTRY }}/${{ env.OWNER }}/mcpctl-python-runner:latest \
+ -f deploy/Dockerfile.python-runner .
+ docker push ${{ env.REGISTRY }}/${{ env.OWNER }}/mcpctl-python-runner:latest
 - name: Build & push docmost-mcp
 run: |
- buildah --storage-driver vfs --isolation chroot bud -t docmost-mcp:latest -f deploy/Dockerfile.docmost-mcp .
- buildah --storage-driver vfs push --tls-verify=false \
- --creds "${{ env.OWNER }}:${{ secrets.PACKAGES_TOKEN }}" \
- docmost-mcp:latest \
- docker://${{ env.REGISTRY }}/${{ env.OWNER }}/docmost-mcp:latest
+ docker build -t ${{ env.REGISTRY }}/${{ env.OWNER }}/docmost-mcp:latest \
+ -f deploy/Dockerfile.docmost-mcp .
+ docker push ${{ env.REGISTRY }}/${{ env.OWNER }}/docmost-mcp:latest
 - name: Link packages to repository
 env: